Software Control Flow Anomaly Detection Technology Based On Neural Network

Abstract

This paper presents a control flow anomaly detection model, which applies neural network to control flow anomaly detection and performs feature extraction and behavior modeling of control flow. At present, there is little research on the control flow anomaly detection of neural networks, and there is no in-depth research on the feature extraction of data. We studied the characteristics of control flow, used Intel Processor Trace to implement the extraction and processing of control flow, and designed a basic block vectorization method based on time series features and a basic block vectorization method based on structural features. The vectorization methods eliminate the manual amount of feature engineering. The anomaly detection model uses a bidirectional LSTM and it combines the idea of a classification plane. We perform corresponding evaluations based on the adobe reader software. Experimental results show that the model achieves a 98.74% recall rate and a 0.44% false positive rate for the corresponding control flow anomaly detection of Adobe Reader in an offline environment, effectively detects the exploit, and successfully distinguishes between benign and malicious control flow.